People like simple solutions, but simple solutions aren’t always the best. Sometimes, instead of working, they simply provide a placebo effect of something being done. The real work of securing a computer isn’t that difficult, but it can be tedious. Moreover, the most important component of computer security is a careful, skeptical mindset, one that many would consider dreary or boring.
Take desktop security strategies. Even before the advent of anti-virus programs, a bit of care would have prevented most infections. But most either didn’t know what to do, or didn’t want to bother with basic precautions. When anti-virus programs became available, folks installed them but rarely updated the virus database. It seemed too compulsive to stand continuously on-guard against an ephemeral, invisible threat. But without updated virus data, even the best anti-virus software becomes “too-late-the-hero.”
There used to be a time when updating your anti-virus program once a month or so was sufficient. With the advent and spread of the Internet, the danger was highlighted by media coverage of the “I Love You” virus. Nowadays, once a week would be the bare minimum. Fortunately, the ’Net brought not only more threats but also more conveniences such as automatic updates. Simply set your anti-virus program to update itself regularly, even daily, and you might think that covers it. Not quite.
The wider availability of broadband Internet connections made anti-virus updates easier. But broadband also allows viruses and other attacks to hit your computer more quickly and more frequently. Aside from viruses, a computer is now exposed to a wider range of malware threats from Trojans, worms, and malicious websites.
Trojans are small programs that can sneak into your computer through shared files, e-mail (either in an attachment or via maliciously-crafted HTML) or from a malicious website. A Trojan may not do much, but once it has penetrated your defenses, it allows the entry of other malware.
One such malware is called a “keystroke logger.” A keystroke logger simply records your keystrokes, particularly when you’re logging on to password-protected sites such as those for webmail, bank accounts, or credit card transactions. The keystroke logger then sends this data to someone who will use it to compromise your accounts.
Keystroke loggers and other modern malware are quiet, even well-behaved intruders. Older viruses tended to slow down your computer, destroy data, or otherwise announce their presence. Modern malware is stealthier. Their purpose is to hide in your computer, doing their nefarious work for so long as they can avoid detection.
Silent malware can turn your computer into a “zombie” or “bot.” Large numbers of these computers become part of a “botnet,” which is often used to distribute spam. You may think this is relatively harmless, but the volume of spam being sent out is very high. If spam is traced back to your computer or account, your ISP can justifiably terminate your Internet connection.
To counter the growing range of malware threats there is a corresponding availability of security utilities: firewalls, anti-spyware, anti-rootkit, anti-almost-everything. Of these, the most important is a properly set up and configured firewall, such as ZoneAlarm.
Even then, what many often overlook is that even the best laid defenses can be rendered useless by “PBKAC” (problem between keyboard and chair). If you click on a link in spam e-mail or at a malicious website, then YOU are the biggest security threat to your computer!
This particularly applies to spam, phishing, and other e-mail scams. Here’s a simple rule: Don’t click on or even open an e-mail message that either comes from an unknown source or purports to be on a subject that your friend or officemate would not normally discuss in e-mail. Even if you do view the message, don’t ever click on a link, no matter how interesting it sounds. If you’re absolutely sure the link is harmless and useful, copy-paste it into your browser.
Yet so many people say, “Oh, I’ll just click on this link just this one time.” That one click may lead you to a malicious website. At the very least, it will tell the spammer that your e-mail account is active and that you are reading spam messages. When you click on a spam link, you are asking for more spam.
Anti-malware programs will not keep your computer safe, YOU will.
If enough malware successfully invades your computer it will slow it down or even destroy data. When it’s time to have a computer repaired or “cleaned,” few technicians will try more than a cursory attempt to actually fix the problem. In most cases, they will simply wipe out your data, reformat the disk, and charge you for it too. So, surf safely. It’s not just software, it’s an attitude.
print ed: 05/08